Trend Micro Security

Apache httpd 'mod_status' Heap Buffer Overflow Vulnerability

2015年7月21日
  危険度: :
  CVE識別番号: 2014-0226

  概要

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1006049
  Trend Micro Deep Security DPI Rule Name: 1006067 - Identified Too Many HTTP GET Requests

  影響を受けるソフトウェア

  • apache http_server 2.4.1
  • apache http_server 2.4.2
  • apache http_server 2.4.3
  • apache http_server 2.4.4
  • apache http_server 2.4.6
  • apache http_server 2.4.7
  • apache http_server 2.4.8
  • apache http_server 2.4.9